3

I want to run an X11 program on the SERVER and display the window on the CLIENT.

I have a shell on the server to start with. (This is not an SSH shell, but some cluster computing software) The program must somehow be started from this shell.

I have SSH access and direct access to the CLIENT, however I cannot SSH from the CLIENT to the SERVER.

I want to run the program on the SERVER and open the window on the client. How do I do it?

Philipp F
  • 285
  • Can you log on to the server at all? You need to be able to have some sort of network connection between the client and server, but it doesn't matter which end starts the connection. – Chris Davies Jun 12 '15 at 16:28

2 Answers2

1

Reverse tunnel method

You can SSH from A to B but you want to SSH from B to A? A generic solution is to create a reverse SSH tunnel. From SERVER:

ssh -f -N -R 4222:localhost:22 CLIENT

Now you can SSH to port 4222 on CLIENT and log into the server. Turn on X11 forwarding on that connection.

ssh -p 4222 -X localhost

Manual setup method

Alternatively, you can set up X11 forwarding manually to the desired display. If you want to forward display :20 on CLIENT to display :0 on SERVER:

ssh -L 6020:localhost:6000 CLIENT

Applications can only use an X display if they show proper authorization. This takes the form of a “cookie” (randomly generated value that serves as a password). You need to retrieve the cookie value and run the command xauth add :20 MIT-MAGIC-COOKIE-1 …. See Open a window on a remote X display (why "Cannot open display")?. In your case, you can obtain the cookie value on SERVER by running the command xauth list in your X session.

Once you've established the TCP forwarding and set the cookie value, set export DISPLAY=:20 and run your application.

Community
  • 1
Gilles 'SO- stop being evil'
  • 829,060
  • Hi, sorry but this won't work, because there is no SSH access to the server at all (i.e. no SSHD running), so your second command will fail, because no-one is listening on port 22 on the server (tunnelled thru 4222) – Philipp F Jun 12 '15 at 14:37
  • @PhilippF Then you'll have to use the second method: forward X11 over TCP and set the cookie manually. – Gilles 'SO- stop being evil' Jun 12 '15 at 15:53
0

Assuming you have ssh on the server (that is you can ssh out of the server just not to it), you can port forward from the server to your client.

SERVER$ ssh -L6000:127.0.0.1:6000 CLIENT.ip.or.name

This will forward the local 6000 port on the server through the ssh tunnel to the localhost port 6000.

user1794469
  • 4,067
  • 1
  • 26
  • 42
  • Hi, I tried that, but it gives my an authentication error although I am using the correct .Xauthority – Philipp F Jun 11 '15 at 12:42
  • Well that sounds like a good start. You probably just need to add the permissions. Though it's insecure you can try xhost + on the local machine. Whether this works or not be sure to turn access control back on xhost - – user1794469 Jun 11 '15 at 20:10